Flaw in Amazon's Ring doorbell could have allowed hackers to control homes

Amazon Ring doorbells leaks user’s home Wi Fi passwords to hackers

10 deals you don’t want to miss on Saturday: Ring Video Doorbell 2, $6 smart plugs, Sony and Bose ANC headphones, more

New research has found that Amazon Ring smart doorbells may have a number of signficant security flaws. But this is another example of why owners of "Internet of Things" devices should consider using Wi-Fi routers capable of segmenting networks or offering "guest" Wi-Fi networks that restrict access by connected devices to the Internet only.

Amazon quietly patched the issue weeks ago but is only just now notifying its users and the general public, so there's at least the possibility that your wifi password was compromised. With these credentials, it would then be possible to launch a wider privacy-invading attack on households, accessing all manner of data and devices on home networks. "Meanwhile the attacker is sniffing all the packets, waiting for the plaintext credentials to be sent to the device", writes Bitdefender.

The problem comes with the fact that the exchanges between your smartphone and the doorbell, and then between the doorbell and your Wi-Fi network are transmitted through plain HTTP.

The vulnerability was discovered in June by security researchers at Bitdefender, who disclosed it to Ring through HackerOne bug bounty programme. As much as smart home devices are created to make our lives easier and homes more secure, researchers keep finding vulnerabilities that allow them to get access to the very thing they're trying to protect. Netgear Arlo home surveillance cameras and Zpitao smart hubs, which can lock or unlock doors remotely, both relied on easily hackable technology that would have enabled outsiders to view video recorded at their home, or unlock the doors.

Amazon has faced intense scrutiny in recent months for Ring's work with law enforcement. The devices are so effective as surveillance equipment that police departments throughout the USA have started offering discounts to citizens, and sometimes use tax dollars to pay for Ring products, as CNET and other outlets have reported in detail.

It was reported this week that Ring had bragged on Instagram about tracking millions of trick-or-treaters this Halloween.

Latest News